Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4385 | 1 Intuitive Custom Post Order Project | 1 Intuitive Custom Post Order | 2023-02-27 | N/A | 4.3 MEDIUM |
| The Intuitive Custom Post Order WordPress plugin before 3.1.4 does not check for authorization in the update-menu-order ajax action, allowing any logged in user (with roles as low as Subscriber) to update the menu order | |||||
| CVE-2023-0928 | 1 Google | 1 Chrome | 2023-02-27 | N/A | 8.8 HIGH |
| Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-4622 | 1 Wpbrigade | 1 Login Logout Menu | 2023-02-27 | N/A | 5.4 MEDIUM |
| The Login Logout Menu WordPress plugin through 1.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2022-4386 | 1 Intuitive Custom Post Order Project | 1 Intuitive Custom Post Order | 2023-02-27 | N/A | 4.3 MEDIUM |
| The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack | |||||
| CVE-2023-0931 | 1 Google | 1 Chrome | 2023-02-27 | N/A | 8.8 HIGH |
| Use after free in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-0930 | 1 Google | 1 Chrome | 2023-02-27 | N/A | 8.8 HIGH |
| Heap buffer overflow in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-0929 | 1 Google | 1 Chrome | 2023-02-27 | N/A | 8.8 HIGH |
| Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-0933 | 1 Google | 1 Chrome | 2023-02-27 | N/A | 8.8 HIGH |
| Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) | |||||
| CVE-2023-0932 | 2 Google, Microsoft | 2 Chrome, Windows | 2023-02-27 | N/A | 8.8 HIGH |
| Use after free in WebRTC in Google Chrome on Windows prior to 110.0.5481.177 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-0941 | 1 Google | 1 Chrome | 2023-02-27 | N/A | 8.8 HIGH |
| Use after free in Prompts in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | |||||
| CVE-2023-0966 | 1 Online Eyewear Shop Project | 1 Online Eyewear Shop | 2023-02-27 | N/A | 8.8 HIGH |
| A vulnerability classified as problematic was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=orders/view_order. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221635. | |||||
| CVE-2023-0442 | 1 Loan Comparison Project | 1 Loan Comparison | 2023-02-27 | N/A | 6.1 MEDIUM |
| The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its query parameters before outputting them back in a page/post via an embedded shortcode, which could allow an attacker to inject javascript into into the site via a crafted URL. | |||||
| CVE-2023-0429 | 1 Kibokolabs | 1 Watu Quiz | 2023-02-27 | N/A | 4.8 MEDIUM |
| The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2023-0428 | 1 Kibokolabs | 1 Watu Quiz | 2023-02-27 | N/A | 6.1 MEDIUM |
| The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
| CVE-2023-0419 | 1 Smg-webdesign | 1 Shortcode For Font Awesome | 2023-02-27 | N/A | 5.4 MEDIUM |
| The Shortcode for Font Awesome WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2023-0380 | 1 Sandhillsdev | 1 Easy Digital Downloads | 2023-02-27 | N/A | 5.4 MEDIUM |
| The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2023-0378 | 1 Greenshiftwp | 1 Greenshift - Animation And Page Builder Blocks | 2023-02-27 | N/A | 5.4 MEDIUM |
| The Greenshift WordPress plugin before 5.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2023-0375 | 1 Bootstrapped | 1 Easy Affiliate Links | 2023-02-27 | N/A | 5.4 MEDIUM |
| The Easy Affiliate Links WordPress plugin before 3.7.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2023-0372 | 1 Embedsocial | 1 Embedstories | 2023-02-27 | N/A | 5.4 MEDIUM |
| The EmbedStories WordPress plugin before 0.7.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2023-0371 | 1 Embedsocial | 1 Embedsocial | 2023-02-27 | N/A | 5.4 MEDIUM |
| The EmbedSocial WordPress plugin before 1.1.28 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||